Every major technology platform receives requests from law enforcement agencies seeking user data. In H1 2023, Meta received 214,000 government data requests globally and complied with approximately 72%. Apple received 9,000 US government requests and complied with 82%. Google received 42,000 requests from US authorities alone. These transparency reports — which companies publish voluntarily — reveal how frequently governments use private communications platforms as investigative tools.
The Legal Mechanisms
In the United States, government data requests can take several forms. A subpoena requires the company to produce records — the lowest legal threshold, requiring no judicial approval. A court order under 18 U.S.C. § 2703(d) requires the company to produce electronic records when the government shows "specific and articulable facts." A search warrant — requiring probable cause and judicial approval — is required for the content of electronic communications stored for fewer than 180 days. National Security Letters are administrative subpoenas that come with gag orders preventing the company from disclosing receipt.
What Signal Can Provide (Almost Nothing)
Signal's architecture minimizes what it can provide even under valid legal process. In a 2022 federal grand jury case, Signal responded to a subpoena with a two-page filing that provided only: the date the account was created and the date it last connected to Signal's servers. Signal could provide nothing else — not message content, not contact lists, not IP logs — because it does not collect or store this information. This is not a legal strategy; it is the direct result of engineering decisions.
What WhatsApp Can Provide (Substantially More)
WhatsApp, using the same Signal Protocol for message encryption, can nonetheless provide: subscriber information (phone number, profile name), usage patterns, message logs (who messaged whom and when), IP addresses of connections, and in some cases, cloud backup content through legal process directed at Apple or Google. The technical encryption is excellent. But the surrounding data architecture creates a substantial legal exposure that the encryption alone does not address.
Platforms That Have Nothing to Produce
The most robust response to a government data request is genuine inability — not unwillingness — to comply. A platform that collects no account data, stores no messages, retains no IP logs, and generates no activity records is not being uncooperative when it reports having nothing to produce. It is simply reporting the technical reality. This architecture represents the most effective legal protection for users, because no court order can compel the production of data that does not exist.